diff --git a/charts/loki-stack/Chart.lock b/charts/loki-stack/Chart.lock
index 5599af2b0bdd2cabe88e9a9342627e2d8687ed76..6a3a6d9c597bf5d4c5e3592f0567369b46e39dd0 100644
--- a/charts/loki-stack/Chart.lock
+++ b/charts/loki-stack/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: loki
 repository: https://grafana.github.io/helm-charts
- version: 2.8.3
+ version: 2.8.4
 - name: promtail
 repository: https://grafana.github.io/helm-charts
 version: 2.2.0
-digest: sha256:a8eb9406745de861630e6991921a99581d3db7d910a95342c275388221b8fc17
-generated: "2021-12-17T21:11:55.486796+01:00"
+digest: sha256:8068457c894a1e43cb062a61e9771b098166d2037a794aaaf0f609e2da06de98
+generated: "2021-12-30T01:13:12.81986+01:00"
diff --git a/charts/oauth2-proxy/Chart.lock b/charts/oauth2-proxy/Chart.lock
deleted file mode 100644
index 45bbf8d54282d11b9c9edc45cce4e0240250c8db..0000000000000000000000000000000000000000
--- a/charts/oauth2-proxy/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: oauth2-proxy
- repository: https://charts.bitnami.com/bitnami
- version: 1.1.2
-digest: sha256:2c96b2e37e712be0c2c964fb667f61e0a33f2a15664a377c2b2e0f89b1540edd
-generated: "2021-12-08T10:17:01.676532+01:00"
diff --git a/charts/oauth2-proxy/Chart.yaml b/charts/oauth2-proxy/Chart.yaml
deleted file mode 100644
index 605341a23bb1bcb065aa83f03b42dab584f738a2..0000000000000000000000000000000000000000
--- a/charts/oauth2-proxy/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: addon-oauth2-proxy
-version: 1.1.2
-dependencies:
- - name: oauth2-proxy
- version: 1.1.2
- repository: https://charts.bitnami.com/bitnami
diff --git a/charts/oauth2-proxy/values.secret.yaml b/charts/oauth2-proxy/values.secret.yaml
deleted file mode 100644
index 446fd8d40c569de4e8b57d8a5ba14728fd9c2336..0000000000000000000000000000000000000000
--- a/charts/oauth2-proxy/values.secret.yaml
+++ /dev/null
@@ -1,52 +0,0 @@ -oauth2-proxy: - configuration: - clientID: ENC[AES256_GCM,data:V/GKBY42x5RJrQTovKqq,iv:85HW57KWaD7/i1oguIwjTQGgVdA1wdPKmHGbFzJcsBA=,tag:Cdk3wwar/VNdIXFCeqvp9Q==,type:str] - clientSecret: ENC[AES256_GCM,data:bQIPtxQA0q35dvPWE+aEyA6Yv6bij2BRArgEVptOVkeCZyhzM9dsF7OxoPVJCn3grRurIfugsMHsqYWN/1NBTM/XjEvgXkLyxZKfOO+B/J9jBF861PnY49m1cQX1VZ8WeUOQKOxKjrYCizwSQ+8IQ/qWFbqPZt9Mo4iwYVSYC57bK59My9fBKIAmWKc2Mk8vu2kafV3inaa//vlJlEyWjtTHfwOp9q3kMqGOrQ==,iv:D2kUEXYYnqzt2wR1OKj19UcFiUy6HwGDzVYH7F7PA2w=,tag:8PENfL/9u+utPQ0gwNqDWg==,type:str] - cookieSecret: ENC[AES256_GCM,data:/zLEYmNbWsMxn+MubU9eDOiYQFx3pkfl6PLy+DGbH0BZd3AUcNWqV5qhblI=,iv:4xeh5UiLjyd6n+6hdPsLep9tGS5WT7zGhdP4RThd1VQ=,tag:eHn5TPcM+PbrGSKC4CSbqw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1r9chn8pl3d4msxktw457x3xz2l8p04pwuyd7pkgldkmkakras5ks7tfsyq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZUWJVVUNXOWdlWUwvZlV6 - NFBESVNBL0FLL3VRaFAxQStaMkw4amFSN1M0CjNvazJIR2tvL0dTanlqcmpBYVB3 - SjNmQm5BWWxPRFRvYnBOWVAyWTkyR2cKLS0tIDNYdkZEK2N3dHA1YnM2OEVjcU1x - Y1kremZ2M1FMT1hObHNLN0xsRFpBOXcKZEIFbWqcqY4LUQfw53OKclt70M2g1EPX - wuzdnIEIitqURqbyzUwRTXSNPdVPmv9ZL0LNj60ps0/VzVyQ7QJJpg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1a7y6qdywcn0krtqmrqn9qc5hhg2lz2qd0ag2u0cwr3r3jmcce5jqwxajps - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhNENETkV2OW1vMEVNWk9x - TlBscjZPSzdEbEU4VjRiT3pNQ1dKc0o0KzBjCkNtNDZuZ21xNUFTcUlhSUZCNVlr - VnBCL20vMGxTMnUvVkZQcXprZ1AzUG8KLS0tIFdOdHJjWlljQlIrL2I3bGR6QVdm - L2FrUFp1anN0aVI5dVlxZHFqT0MzWUkKiq9Fhfo0ySt/XUKIM0B6o7gZSzaJrzNz - 5INTJUDGdUtG4+aAZ/dAHwk4MXb92KpzuitOhb5lHI+wGigDmWQWWg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1wvtkhug4q7fcs7wz03kpn77ruqkkwp2xqq30npv4287wtf3w8ukq370vre - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ1k4V2lyTmMvZWdvMFUx - 
b2I5Z2lSUGl4djF5ejdDZ2VZQ3cxVmdKeFRVCksyMEpMMGpEeFdKcEg5Rm05TktM - WEZSSi9nV0szeThRR3BTWjhqbHZuakUKLS0tIHdNaUl6L0J6eUFSU2pMOW5XVUg3 - cTV3TTUwTFB1U09pUGpXQlpWMFBxLzQKeSABUEYRzq6ehPzznSCy/P70+MsWla8T - hM/QFLx4IvNZEE0o7az9+MoteU12SdxaeB3CBQpccVq4hNDfhJ5eKg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yw9ea3vtvf5cy8v0z7v8s59xel5fckcer5pp7n2nkjrm9xpf4alq8e89g5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MDRzbFdiN3oyTzNUZ0hG - QjN3bmNPSklxOEFGRDlGdjFEU0lFbGVHN1RNCnVMOGxJSFBPOHR5dG00NnUwRVR3 - cWlSTGZuYm0yVXU3bnlMbHZybEpJN0EKLS0tIFAyNVhRT3JvcGZYNm44UlBqUlpR - Q0NEVmt4RVNuTzBHWnBlQXJWeDQxY2cKdmF0NFPLcsJ3RmZcHA7OxI50zOWgtNvu - sIMFpIO6WSvuVZV7pR9DDqCU2ogWgURhGkFacdfCqt9oKQLT+hIVyA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-12-23T23:30:26Z" - mac: ENC[AES256_GCM,data:9Tu6wyTbBMkYso8bRqCM/4FB9ExtkysusHM/MJf0P0YQHXPk5PtzrL2clqRVyPlEQITLFuRHQgRejO0HlSQb0JXV2PfAGllIK/r6TqHcRS5X19nU0P6xaCcOH/i8FGtL5H3mZSx7OTLkFsWCaP9+Cvo/Y/tPtJQOemVcGysWJCg=,iv:MDg4Bx/VCd3iu1YCXlKXIjRGjF7+e3VboI0j1FtKQhw=,tag:IkKrIp0WPkvFKLrcBttlKQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/charts/oauth2-proxy/values.yaml b/charts/oauth2-proxy/values.yaml deleted file mode 100644 index 26fc328dcd92a8aca3c9112d304cb45800fc0b86..0000000000000000000000000000000000000000 --- a/charts/oauth2-proxy/values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -oauth2-proxy: - configuration: - existingSecret: - ingress: - enabled: true - tls: true - hostname: auth.exneuland.rc3.world - annotations: - "cert-manager.io/cluster-issuer": "letsencrypt-prod" - extraArgs: - - --provider=oidc - - --provider-display-name="CCCV SSO" - - --oidc-issuer-url=https://sso.cccv.de - - --alpha-config=/bitnami/oauth2-proxy/conf/alfa-config.yaml - - --cookie-domain=exneuland.rc3.world - - --whitelist-domain=.exneuland.rc3.world - redis: - auth: - enabled: false 
diff --git a/kubeval.sh b/kubeval.sh
index 7990df8219dfbf882307d2c3aacdeb3b1935fda2..8f8f758cfbd6c19f4db8b71f51508653db31a3f3 100755
--- a/kubeval.sh
+++ b/kubeval.sh
@@ -1,18 +1,27 @@
 #!/usr/bin/env bash
 # Kubeval every application in the overlays
-for stage in ./overlays/*/ ;
+for stage in ./kustomize/overlays/*/ ;
 do
 for app in $stage*/ ;
 do
 echo "[kubeval] Testing $app"
- if [ -f $app/secret-generator.yaml ] ;
- then
- echo "[kubeval|debug] make secret-generator.yaml empty"
- echo "" > ${app}secret-generator.yaml
- fi
+ kustomize build --enable-alpha-plugins --enable-helm ${app} | kubeval --ignore-missing-schemas --strict --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/
- kustomize build --enable-alpha-plugins --enable-helm ${app} | kubeval --ignore-missing-schemas --strict
+ echo ""
 done
 done
+
+# Kubeval every helm chart
+for chart in ./charts/*/ ;
+do
+ echo "[kubeval] Testing $chart"
+ cd $chart
+ helm dependency update > /dev/null 2>&1
+ helm dependency build > /dev/null 2>&1
+ helm template . --values values.yaml 2>/dev/null | kubeval --ignore-missing-schemas --strict --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/
+ cd -
+
+ echo ""
+done
\ No newline at end of file
diff --git a/kustomize/bases/exneuland/deployment.yaml b/kustomize/bases/exneuland/deployment.yaml
index 38408c1bab05b80b441074e2e97cc5c60efbafcd..708b658cd75c7fafd6131bcbe5a72e534eb3e5d3 100644
--- a/kustomize/bases/exneuland/deployment.yaml
+++ b/kustomize/bases/exneuland/deployment.yaml
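Review bot: In `kubeval.sh` the validation fails open: there is no `set -euo pipefail` and both loop bodies end in `echo ""`, so a non-zero exit from `kubeval` (or from `kustomize build` / `helm template` on the left of the pipe) never reaches the script's exit status. The chart loop also discards stderr from `helm dependency update`, `helm dependency build` and `helm template`, so a failed render hands `kubeval` empty input, and `cd $chart` is unquoted and unchecked, so on failure the following commands run in the wrong directory. `--schema-location` points at the `master` branch of a third-party repository, so the schemas this gate relies on can change without review; pinning the URL to a commit would make the check reproducible. Running `helm dependency update` before `build` re-resolves dependencies and rewrites `Chart.lock`, which presumably is not intended in a validation pass. A sketch of the chart loop with these points addressed follows; `<PINNED_COMMIT_SHA>` is a placeholder.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Pin to a reviewed commit of the schema repo instead of the moving master branch.
SCHEMA_LOCATION="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/<PINNED_COMMIT_SHA>/"

# … unchanged: overlay loop, with kubeval reading --schema-location "$SCHEMA_LOCATION" …

# Kubeval every helm chart
for chart in ./charts/*/ ;
do
  echo "[kubeval] Testing $chart"
  (
    # Subshell: a failed cd aborts this chart and never leaks into the next one.
    cd "$chart"
    # Build from Chart.lock only; keep stderr so a failed fetch is visible.
    helm dependency build > /dev/null
    helm template . --values values.yaml \
      | kubeval --ignore-missing-schemas --strict --schema-location "$SCHEMA_LOCATION"
  )
  echo ""
done
```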
@@ -21,45 +21,45 @@ spec: spec: terminationGracePeriodSeconds: 60 imagePullSecrets: - - name: regcred + - name: regcred volumes: - - name: config-volume - secret: - secretName: exneuland-config - containers: - - name: exneuland - image: registry.git.cccv.de/hub/exneuland:deploy - imagePullPolicy: Always - ports: - - containerPort: 4000 - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: RELEASE_COOKIE - valueFrom: - secretKeyRef: - name: exneuland-cookie - key: RELEASE_COOKIE - volumeMounts: - name: config-volume - readOnly: true - mountPath: "/etc/exneuland" - resources: - limits: - memory: 512Mi - cpu: "500m" - requests: - memory: 256Mi - cpu: "250m" - readinessProbe: - httpGet: - path: /ready - port: 4000 - initialDelaySeconds: 5 - periodSeconds: 5 + secret: + secretName: exneuland-config + containers: + - name: exneuland + image: registry.git.cccv.de/hub/exneuland:deploy + imagePullPolicy: Always + ports: + - containerPort: 4000 + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: RELEASE_COOKIE + valueFrom: + secretKeyRef: + name: exneuland-cookie + key: RELEASE_COOKIE + volumeMounts: + - name: config-volume + readOnly: true + mountPath: "/etc/exneuland" + resources: + limits: + memory: 512Mi + cpu: "500m" + requests: + memory: 256Mi + cpu: "250m" + readinessProbe: + httpGet: + path: /ready + port: 4000 + initialDelaySeconds: 5 + periodSeconds: 5 diff --git a/kustomize/bases/exneuland/ingress.yaml b/kustomize/bases/exneuland/ingress.yaml index c62641fcd39285e34dd08e68ebc603a20ba5e03e..99b38e83eee449f5e6a1fd81ea25f717c6edfbad 100644 --- a/kustomize/bases/exneuland/ingress.yaml +++ b/kustomize/bases/exneuland/ingress.yaml 
@@ -15,17 +15,17 @@ metadata: spec: ingressClassName: nginx rules: - - host: exneuland.rc3.world - http: - paths: - - backend: - service: - name: exneuland - port: - number: 80 - path: / - pathType: ImplementationSpecific + - host: exneuland.rc3.world + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: exneuland + port: + number: 80 tls: - - hosts: - - exneuland.rc3.world - secretName: exneuland-tls + - secretName: exneuland-tls + hosts: + - exneuland.rc3.world diff --git a/kustomize/bases/exneuland/monitoring.yaml b/kustomize/bases/exneuland/monitoring.yaml index fce29b92f72c0ef54f3f409ba33ce49c09f9f40e..a54c945bc10225851e6d7537586fc24a06976015 100644 --- a/kustomize/bases/exneuland/monitoring.yaml +++ b/kustomize/bases/exneuland/monitoring.yaml @@ -7,4 +7,4 @@ spec: matchLabels: app: exneuland endpoints: - - port: http + - port: http diff --git a/kustomize/bases/exneuland/rbac.yaml b/kustomize/bases/exneuland/rbac.yaml index acd842aee2465a4b652c013977b8ca4fa4838b90..31b365e4fe913a123477ac9f60c462361a86077c 100644 --- a/kustomize/bases/exneuland/rbac.yaml +++ b/kustomize/bases/exneuland/rbac.yaml @@ -3,18 +3,19 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: read-pods rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: serviceaccount-read subjects: -- kind: ServiceAccount - name: default - namespace: default + - kind: ServiceAccount + name: default + namespace: default roleRef: kind: Role name: read-pods diff --git a/kustomize/bases/exneuland/service.yaml b/kustomize/bases/exneuland/service.yaml index f827f7412b9caa09341689f9ada05a89557d8eb9..8a67728c5e4876c43c6ea92e0810faef11cd7062 100644 --- a/kustomize/bases/exneuland/service.yaml +++ b/kustomize/bases/exneuland/service.yaml 
@@ -5,6 +5,7 @@ metadata:
 labels:
 app: exneuland
 spec:
+ type: ClusterIP
 selector:
 app: exneuland
 ports:
@@ -12,4 +13,3 @@ spec:
 protocol: TCP
 port: 80
 targetPort: 4000
- type: ClusterIP
diff --git a/kustomize/bases/oauth2-proxy/helm-values.yaml b/kustomize/bases/oauth2-proxy/helm-values.yaml
deleted file mode 100644
index 3abe549ecd7c7221fb78ef95d742cacee83cdaed..0000000000000000000000000000000000000000
--- a/kustomize/bases/oauth2-proxy/helm-values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-ingress:
- enabled: true
- tls: true
- hostname: auth.exneuland.rc3.world
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-prod"
- kubernetes.io/ingress.class: "nginx"
-extraArgs:
-# - --provider=oidc
-# - --provider-display-name="CCCV SSO"
-# - --oidc-issuer-url=https://sso.cccv.de
- - --alpha-config=/bitnami/oauth2-proxy/conf/alpha-config.yaml
-# - --cookie-domain=exneuland.rc3.world
-# - --whitelist-domain=.exneuland.rc3.world
-redis:
- auth:
- enabled: false
diff --git a/kustomize/bases/oauth2-proxy/kustomization.yaml b/kustomize/bases/oauth2-proxy/kustomization.yaml
deleted file mode 100644
index 97d3bb44346a3790ed85366ad0195cdb7b7a81e7..0000000000000000000000000000000000000000
--- a/kustomize/bases/oauth2-proxy/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: oauth2-proxy
-helmChartInflationGenerator:
- - chartName: oauth2-proxy
- chartRepoUrl: https://charts.bitnami.com/bitnami
- chartVersion: 1.1.2
- releaseName: oauth2-proxy
- values: helm-values.yaml
diff --git a/kustomize/overlays/dev/exneuland/kustomization.yaml b/kustomize/overlays/dev/exneuland/kustomization.yaml
index 6d8d7ed9b391e8cb24a95741bc412ac0bb3daaf8..d4b357f73e29fcba5378d6b0257d557004263f53 100644
--- a/kustomize/overlays/dev/exneuland/kustomization.yaml
+++ b/kustomize/overlays/dev/exneuland/kustomization.yaml
@@ -1,7 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+
 bases:
 - ../../../bases/exneuland/
+
+generators:
+ - secret-generator.yaml
+
 patches:
 - target:
 kind: Ingress
@@ -26,6 +31,3 @@ patches:
 patchesStrategicMerge:
 - deployment.yaml
-
-generators:
- - generator.yaml
diff --git a/kustomize/overlays/dev/exneuland/generator.yaml b/kustomize/overlays/dev/exneuland/secret-generator.yaml
similarity index 100%
rename from kustomize/overlays/dev/exneuland/generator.yaml
rename to kustomize/overlays/dev/exneuland/secret-generator.yaml
diff --git a/kustomize/overlays/prod/exneuland/deployment.yaml b/kustomize/overlays/prod/exneuland/deployment.yaml
index 0302c1eb40f72836a7d8a2e39e527b7a2f536026..f3eadd76dbd9a80ec8b4aec2846fa9467e6a9d68 100644
--- a/kustomize/overlays/prod/exneuland/deployment.yaml
+++ b/kustomize/overlays/prod/exneuland/deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
 name: exneuland
 spec:
- replicas: 50
+ replicas: 10
 template:
 spec:
 containers:
diff --git a/kustomize/overlays/prod/exneuland/kustomization.yaml b/kustomize/overlays/prod/exneuland/kustomization.yaml
index 3ac5aa6df2f022dda101868927c78c103d0b0c36..e01b9887e4b54ea33fdd06d1c74a6990c3556f83 100644
--- a/kustomize/overlays/prod/exneuland/kustomization.yaml
+++ b/kustomize/overlays/prod/exneuland/kustomization.yaml
@@ -1,7 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+
 bases:
 - ../../../bases/exneuland/
+
+generators:
+ - secret-generator.yaml
+
 patches:
 - target:
 kind: Ingress
@@ -26,6 +31,9 @@ patches:
 patchesStrategicMerge:
 - deployment.yaml
-
-generators:
- - generator.yaml
+ - |-
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: exneuland
+ $patch: delete
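Review bot: The inline `$patch: delete` entry added under `patchesStrategicMerge` in the prod `kustomization.yaml` removes the `exneuland` Ingress without a comment saying why, or what now exposes the service and terminates TLS in production. The first hunk of the same file still shows a `patches:` entry with `target: kind: Ingress`, which appears to become dead or order-dependent configuration for prod once the Ingress is deleted. Since this commit also removes the oauth2-proxy overlay, it is worth stating where authentication and TLS are enforced for prod. I would add a comment above the entry, e.g. `# prod traffic is routed by <component>; the base Ingress is removed on purpose`, and drop the Ingress block from `patches:` in this overlay if it no longer applies. The `patches:` list continues outside both hunks, so its full contents are not visible here.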
diff --git a/kustomize/overlays/prod/exneuland/generator.yaml b/kustomize/overlays/prod/exneuland/secret-generator.yaml
similarity index 100%
rename from kustomize/overlays/prod/exneuland/generator.yaml
rename to kustomize/overlays/prod/exneuland/secret-generator.yaml
diff --git a/kustomize/overlays/prod/oauth2-proxy/alpha-config.yaml b/kustomize/overlays/prod/oauth2-proxy/alpha-config.yaml
deleted file mode 100644
index 6f5efc3647702000fb86ea6dbbe0dc2bb9207737..0000000000000000000000000000000000000000
--- a/kustomize/overlays/prod/oauth2-proxy/alpha-config.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-#providers:
-# - oidcConfig:
-# issuerURL: https://sso.cccv.de
-# skipDiscovery: true
-
-
-providers:
- - clientid: bazquux
- clientsecret: xyzzyplugh
- clientsecretfile: ""
- oidcconfig:
- issuerurl: https://login.microsoftonline.com/fabrikamb2c.onmicrosoft.com/v2.0/
- insecureallowunverifiedemail: false
- insecureskipissuerverification: false
- insecureskipnonce: true
- skipdiscovery: true
- jwksurl: ""
- emailclaim: email
- groupsclaim: groups
- useridclaim: email
- id: providerID
- type: oidc
- name: ""
- loginurl: ""
- redeemurl: ""
- profileurl: ""
- validateurl: ""
\ No newline at end of file
diff --git a/kustomize/overlays/prod/oauth2-proxy/config.cfg b/kustomize/overlays/prod/oauth2-proxy/config.cfg
deleted file mode 100644
index d5373b0cd5777c7617e23177b042e07c96bb51e4..0000000000000000000000000000000000000000
--- a/kustomize/overlays/prod/oauth2-proxy/config.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-email_domains = [ "*" ]
-upstreams = [ "file:///dev/null" ]
\ No newline at end of file
diff --git a/kustomize/overlays/prod/oauth2-proxy/kustomization.yaml b/kustomize/overlays/prod/oauth2-proxy/kustomization.yaml
deleted file mode 100644
index b9d8b14d38a2696c8ad0445f71669e19c3a2db34..0000000000000000000000000000000000000000
--- a/kustomize/overlays/prod/oauth2-proxy/kustomization.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
- - ../../../bases/oauth2-proxy/
-generators:
- - ./secret-generator.yaml
-configMapGenerator:
-- name: oauth2-proxy
- behavior: replace
- namespace: oauth2-proxy
- files:
- - config.cfg
- - alpha-config.yaml
-patches:
- - target:
- kind: Deployment
- name: oauth2-proxy
- patch: |-
- - op: remove
- path: /spec/template/spec/containers/0/args/1
- - op: remove
- path: /spec/template/spec/containers/0/args/0
diff --git a/kustomize/overlays/prod/oauth2-proxy/oauth2.secret.yaml b/kustomize/overlays/prod/oauth2-proxy/oauth2.secret.yaml
deleted file mode 100644
index 83d10bea8d9a432ad038a8f372c1ea9992060599..0000000000000000000000000000000000000000
--- a/kustomize/overlays/prod/oauth2-proxy/oauth2.secret.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: oauth2-proxy - namespace: oauth2-proxy - annotations: - kustomize.config.k8s.io/behavior: replace -stringData: - client-id: ENC[AES256_GCM,data:YB3fUH5hJFXdnUdpewN2,iv:RWW6lhkT3N/g4OindzBuJmWN50vjU09dFNo/5pioL5E=,tag:SCPy3Ncw+Wr8v0vpMJEh1Q==,type:str] - client-secret: ENC[AES256_GCM,data:Dcad89dKCL7WA0BTSMVAqhkCO3wmqBNDWixEO+0pedvO8vQVzwOYKsV8XrWSiLy71JKufVVE9Ru6FN57dfModS+fYdXPyb0MJtViYLiTu2lLPTALIF0Tq1pSTgSxOwgWNkixomNrL4L80MI3xy0+qMjJIO7R1zAKY+NqHTlT+LY=,iv:ED/Fvu46lp1iug4zWoR9/eSpWv4VhO7fmf2eEQFNDHU=,tag:US9swFtCkOSb2GMh/ireYw==,type:str] - cookie-secret: ENC[AES256_GCM,data:M8FYxaPOfuXPP7jQWrhigp/8pqYdDrxfOpAZBXl/Ksw=,iv:tIZzNw3bTYcymmVbHxhXO2HZ7icQvQrl5+4L6gajcBg=,tag:pxXNZqdLKV+mD7poTypTxA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1r9chn8pl3d4msxktw457x3xz2l8p04pwuyd7pkgldkmkakras5ks7tfsyq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRy9KYXZoSkNHMVlBWGxv - ZW04QnltYXdpSmhCZ1VOSThMc3BNaXZYMEZ3CjR0c0hxV2pPK05sd25udFZNMzll - TURXYldNNHp0WGtzMTVvbERQMTBMdzAKLS0tIDFMeXdyRUVaWGtFQytuY2ZKNGFJ - WTFGaUl3ei94dTd5N2ZYcHlqMzFaSXcKhdEq29j8H64GsxWZRVrozNYT8qpZ0m4c - eHHE8xJUm3uyCXr7UENPEiXzHFkpAAQ0N9G0/Vc6UrCDGh/5+BIG7Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1a7y6qdywcn0krtqmrqn9qc5hhg2lz2qd0ag2u0cwr3r3jmcce5jqwxajps - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBabUUwSGZKR3ZDakdnNFFQ - bDdoK3JXbkcwZ1N3MDVMODdvV0UvbUQrdlh3Cjc5T25hTGVwM3JVU0VqTVpaNDYz - R1dvYmxVUWNzNVdMZUZjRzRscjk5TEkKLS0tIFo0QVdxbkVHaDFMOWNjT3haYjVX - V0dTc1VycmRIeHpMNTliYmk4dUZRNG8KyeQ++2+U05FwIz0uMtUyHnPn+AX2EujJ - npvJ0AOVcPFRF12Dwm6vIj3BAEhjp2RoA1P4L5vYWFO8+HvIjiFVnA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1wvtkhug4q7fcs7wz03kpn77ruqkkwp2xqq30npv4287wtf3w8ukq370vre - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM2k2VFNLZnhvMkRCNmVP - MXZGMXZyeFRFVWdVY3ZSRFh6WTZOcFBjbm1vCnZ4YkxqdjlOT3lZRWVvMElGOEFE - dHlESXk2Z0ZQS3FuWFJ1a2g1dzNhY0kKLS0tIEJ6WkVZTGVjVVFPaWk0TnluQ0ZF - MHVQeHVTZG1MN0FkdXpHVjRXWVJJSHMKQXHa1P61XShY4juGxHYmEU2IkqLlpnN3 - 24MbVUJDZODokS46ID2udf9hj5N7wMtadldNNhEobD5SD21O+Mvp1Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yw9ea3vtvf5cy8v0z7v8s59xel5fckcer5pp7n2nkjrm9xpf4alq8e89g5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUlpUMjFQcnh6ZU4ycUdO - Q1FkVW50cXlHYVp1REErUFdvcVEwQ2xFMEJZCmxXQTNlVFE4QkNtbTF6Z1BUem0z - bGJiVW9FZmdGM3lhMFdlcy9PcWVWK2cKLS0tIC9xNXdjTS93KysrTHAxd0dTNjdD - WUF0d1FZQ00xdmNEWGVnOFJlZUtHWFUK5e2O/pQjANiThX/X1FUNYzgRzFtk0c12 - NBlcA0DynqbI1S5ncow6ssaUaf6Hqq19X3V2/NuvMZTmqK3W8b71Ng== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-12-23T23:40:36Z" - mac: ENC[AES256_GCM,data:oKsAGLArV3VnbowY/Yw+Cr4Y6cyi1ZBYuzgOrBPCaEare3Cm0nTK7m9o1Ty7VHAd5AQBwu2ehfB0gLwHOAg6DhI9o+ImxMQCWj7rbQGiGiAFfmv39ips5JqifO5oWCBYKMdoPG1j3J3zRxT2G518WHjoQ9gXCDCmiighTZ3lSRw=,iv:8ehAsYyzkNr02BVU9NfraOJnDRKv828nqPwkeicONe0=,tag:+9qA/FP6ctcECWzD4VDH9Q==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData|spec)$ - version: 3.7.1 diff --git a/kustomize/overlays/prod/oauth2-proxy/secret-generator.yaml b/kustomize/overlays/prod/oauth2-proxy/secret-generator.yaml deleted file mode 100644 index 553c51d28d1715c03855eb64dcead5702872730c..0000000000000000000000000000000000000000 --- a/kustomize/overlays/prod/oauth2-proxy/secret-generator.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: kube-prometheus-stack -files: - - ./oauth2.secret.yaml diff --git a/kustomize/overlays/staging/exneuland/kustomization.yaml b/kustomize/overlays/staging/exneuland/kustomization.yaml index 9f4d6218f64267ed15f67b25aabd99ab41a54d92..2c07637fa46d9e394275961d568760a920efc5ff 100644 --- a/kustomize/overlays/staging/exneuland/kustomization.yaml 
+++ b/kustomize/overlays/staging/exneuland/kustomization.yaml
@@ -1,7 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+
 bases:
 - ../../../bases/exneuland/
+
+generators:
+ - secret-generator.yaml
+
 patches:
 - target:
 kind: Ingress
@@ -26,6 +31,3 @@ patches:
 patchesStrategicMerge:
 - deployment.yaml
-
-generators:
- - generator.yaml
diff --git a/kustomize/overlays/staging/exneuland/generator.yaml b/kustomize/overlays/staging/exneuland/secret-generator.yaml
similarity index 100%
rename from kustomize/overlays/staging/exneuland/generator.yaml
rename to kustomize/overlays/staging/exneuland/secret-generator.yaml